unable to verify the first certificate proxy nginx

Question

I'm config the nginx using together frontend and backend the same domain like

my-domain.com -> frontend

my-domain.com/api/ -> backend.

When running HTTP it's run ok, but I'm config https, it's not run the first request. I don't know what wrong.

Frontend I'm using NextJs, SSR framework

I'm using isomorphic-unfetch request.

Please help me, Thanks.

upstream customer-ssr {
    server 127.0.0.1:3030;
    keepalive 64;
}

server {
    listen 80;
    server_name  my-domain.com www.my-domain.com;
    return 301 https://my-domain.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name www.my-domain.com;
    return 301 $scheme://my-domain.com$request_uri;
}

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    server_name my-domain.com;

    root     /home/my-domain/my-domain-web/current;

    ssl_certificate /etc/nginx/ssl/my-domain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/my-domain.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    add_header          Strict-Transport-Security "max-age=31536000; includeSubdomains";

    location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_max_temp_file_size 0;
        proxy_pass http://customer-ssr;
        proxy_redirect off;
        proxy_read_timeout 240s;
    }

    location /api/ {
       proxy_buffering       off;
       proxy_set_header      Host              $proxy_host;
       proxy_set_header      X-Real-IP         $remote_addr;
       proxy_set_header      X-Forwarded-For   $proxy_add_x_forwarded_for;
       proxy_set_header      X-Forwarded-Proto $scheme;
       proxy_pass            http://110.95.104.901:8888;
    }
}

SSL key error, can you check them on https://www.sslshopper.com/certificate-key-matcher.html first — Thanh Nguyen Van, Apr 23 '18 at 07:08
I think everyone ok, `The certificate and private key match! ` — Vo Manh Kien, Apr 23 '18 at 07:13
yes, my certificates for [thichviec.vn](http://thichviec.vn) — Vo Manh Kien, Apr 23 '18 at 07:18
if you know how to config different the same domain, please suggest for me — Vo Manh Kien, Apr 23 '18 at 07:21
`ssl_certificate /etc/nginx/ssl/my-domain.com.crt;` its chain key ? — Thanh Nguyen Van, Apr 23 '18 at 07:28
can you check that https://stackoverflow.com/questions/20082893/unable-to-verify-leaf-signature — Thanh Nguyen Van, Apr 23 '18 at 07:49
I did try, but it's not running. `ssl-root-cas` `"rejectUnauthorized": false` — Vo Manh Kien, Apr 23 '18 at 07:54
```const https = require("https"); const agent = new https.Agent({ rejectUnauthorized: false }) fetch(myUrl, { agent })```https://github.com/bitinn/node-fetch/issues/19 — Thanh Nguyen Van, Apr 23 '18 at 07:58

score -1 · Answer 1 · edited Dec 11 '18 at 09:15

-1

Write this line on you main(index/server).js file:

/**
 * Handle UNABLE_TO_VERIFY_LEAF_SIGNATURE error
**/
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

edited Dec 11 '18 at 09:15

barbsan

3,418
11
21
28

answered Dec 11 '18 at 08:53

Abhishek

1

unable to verify the first certificate proxy nginx

1 Answers1